I need some help please. I just got this computer up and running and installed winxp home. I made it as far as service pack 2 and I downloaded service pack 3 but before getting a chance to install it and my antivirus, I experienced a virus attack. Now my security center says my auto updates are turned off but when I open the auto update window, it shows it set to download and install updates automatically. The next problem is when I click the link to take me to windows update site, it takes me to google but it still shows windows update in the address bar. And finally, my antivirus says I'm not connected to the internet and therefore cannot update itself, but obviously I am on the net right now. I can go anywhere on the net that I want to except for places having to do with security or updating.

My antivirus found a few viruses using it's default definition files that it came with and successfully removed them and now the computer is acting normal except for these updating issues. 2 of those viruses were both called "Mal_Otorun" if that helps any. They were found on C: and infected the default autorun.inf file, it could not be cleaned and was deleted, it also infected my system restore point files, so now I can't even restore back to anything before the virus happened.

In hard to get rid of virus applications, I have found that malware bytes has been pretty effective. You can get it at : http://www.malwarebytes.org/. Obviously your milage may vary, and if you have something particularly nasty you are probably going to have to be in safe mode to get rid of it. I'm guessing that your hosts file has probably been modified in c:\windows(or winnt)\system32\drivers\etc .

Honestly I'd just reformat thats the only way to be sure you have removed the virus for good. When going through the reinstall i would have the anti virus on sooner and be cautious of what you download. Do you have any ideas where you got the virus?

Maybe this is partly a personal thing, but I think that it's almost always a bad idea to reinstall/format. If it's a production box and you really need its functionality, I'd suggest you do something like restore from images/backups a duplicate system, or swap drives, so you haven't messed with the infected volume. You can then get some resources onto identifying exactly what it was infected with and more importantly how, so you can ensure you won't get infected again. Might also be worthwhile keeping evidence so you can if not pursue legal avenues, have samples of malware which you can send to your AV vendor. I always find it odd that so many large corporates pay lots of $ for AV services, and don't bother sending in samples. It's not helpful bitching about vendors not finding all malware, if you don't make sure they know which malware they don't find. If you reinstall, there's a very good chance, that the reinstalled machine will get reinfected; note it's possible for malware to survive a reinstall.

Thanks for the input guys. Unfortunately I wasn't able to fix the problem before it totally fried my motherboard and cpu, so now I'm coming to you from my laptop. Evidently the malware that I had was attached to the system BIOS on the motherboard before I ever installed anything or got on the net. That's what I get for using a motherboard that was used when I got it (christmas gift). I didn't know it was even possible for a virus to infect a motherboard. I'm still not sure I believe it but that's what I was told.

Anyways, one of my buddies at school sent one of his IT friends over to my house to take a look at it for me. He started running a bunch of tests and looked through my system. And when he was done he told me about some trojan dropper containing a logic bomb. He said it had progressed too far to clean it and suggested that I run a program called "copywipe" and do 8 passes, followed by a fresh reformat and reinstall of windows. He also told me that the bomb was activated by using my function keys and by clicking on "restart" to restart the computer. And each time I used one of these functions the malware got worse and worse and spread further into the system. All the while disguising itself as legit system files with real system filenames that antivirus overlooks.

So he asks me what all I have done and where I've been on the net and I told him that I had just got this computer for christmas (late gift) and all I've done is installed windows and SP2 and my antivirus, and I used google image search a couple of times to try to find some cool wallpapers. Other than that I've done nothing except let windows update download SP3 for me, and that's when stuff started happening. He said he didn't see anything wrong with what I've done except that I should have installed my antivirus 1st and foremost just like you guys suggest. I got Trend Micro Internet Security Pro 2009 for like 60 bucks. I could be wrong but I think it requires SP2 before you can install it, otherwise I would've done it 1st because I'm a security freak. Haha I'm running 6 forms of security on this laptop with no conflicts.

Well, we came to the conclusion that I was given an infested motherboard after watching the computer crash and auto restart itself followed by a screen full of weird symbols and a complete shutdown with smoke coming out of my case. That's when he told me about motherboard malware attaching itself to the BIOS.

So now that you've read my book (sorry), any 2nd opinions? I don't know that I believe the motherboard malware thing because I've never heard of anything like that before. But that doesn't mean it's not possible just because I haven't heard of it, I know there's a lot I haven't heard of. Heck, I still don't know much about computer language and I've been using computers since DOS and Quickmenu were all you had before windows 3.1 came out. Haha, 2400 baud modems and gaming BBS's were the most awesome things ever! So I like to think I know a little bit. This is the 1st time I've ever had a bad problem like this, especially one that caused a system crash ending in a ball of smoke. And get this, when I tore the computer apart afterwards, there was a nice big black spot under the cpu both on top and underneath the motherboard where the cpu is. And the cpu itself got so hot that it stuck to the heatsink and nearly all the little pins that are suppose to be attached to it stayed on the board. All I could say was "wow". I'm glad it was just a gift, but then again, I have a feeling that's why it was a gift considering the source.

Ok I'm sorry for the book. Bring on the 2nd opinions, this is a learning experience for me.

While storing malware in the flash storage for the bios is theoretically possible, it's very unlikely. I'm only aware of one piece of malware that could ever do this, and it didn't do it very well. It sounds to me like you had two separate issues, a bad malware infection and a hardware problem.

Reinstall is never a good option.You can go to whatthetech.com and post your problem in the Hijackthis log and malware removal section along with a Hijackthis log of the infected computer. They are great bunch of people and will surely help you out with your malware issues.

Xen wrote:Reinstall is never a good option.You can go to whatthetech.com and post your problem in the Hijackthis log and malware removal section along with a Hijackthis log of the infected computer. They are great bunch of people and will surely help you out with your malware issues.

It may not be the most desirable method but with the stage he was at with redoing his system I wouldn't have though twice except on my own curiosity of how to fix it. Doing a secure format and reinstalling won't guarantee it can't somehow come back because his home network may be infected for all he knows...but at the beginning of any install I wouldn't think twice....just for future reference for any I found a nice solution if you boot to your favorite live linux distro and install Clam and run the scan on the partition...

Thanks for the help. Next time I'll have a bit more knowledge if anything like that ever happens again. I do have hijackthis installed on this machine but I've never had any problems with this one. It's usually unplugged from the net unless I'm checking mail or coming to places like this or doing research for school work. Basicly it's only online when I need it to be and that's it, and my defenses are pretty strong.

As for the computer that crashed and burned (literally), I agree with you Jason in that there were probably two problems like you said. Since the machine is not even usable until I buy a new mobo and cpu, I don't think I need to worry about the malware coming back or surviving through my home network. My home network only consists of a router and a ps2 but I never even got the chance to hook them up before the big crash happened, the PC was directly plugged into the cable modem the whole time. I've already wiped the HD with that copywipe boot disk. I went ahead and let it do the full 36 passes just to be safe. So it's ready to be formatted and installed on soon as I get my mobo and cpu. Thanks to my buddy at school for letting me plug it in to his PC to do the wipe.